1. ARP Under Abnormal Conditions

2. Experiment with the browser (1) arp -n # see what it there Open a browser on your personal workstation browse to 10.10.1.5 browse to 10.10.1.97 Did both pages fail exactly the same way? arp –n

3. Experiment with the browser (2) sudo tcpdump –n –e –i eth0 not host 10.10.1.5 Open a browser on your personal workstation browse to 10.10.1.97 browse to 10.10.1.5 What does tcpdump tell you about each failure?

4. Experiment with the browser [ANS] 10.10.1.5 is a DHCP server. It is not running a webserver. 1. The workstation sends an ARP request and gets a reply 2. The workstation sends a GET request to server port 80 and is refused a connection 3. The browser fails immediately 10.10.1.97 is not a valid IP – no machine running 1. The workstation sends several ARP requests, waiting after each one, and never gets a reply. It never sends a GET request. 2. The browser waits for several seconds and eventually reports a failure

5. Good IP, bad MAC Let’s see what happens if we create an entry in the ARP table with the proper IP for your webserver, but a bad MAC address Window A: sudo tcpdump -n –e –i eth0 not host 10.10.1.5 Window B: sudo arp –s 10.10.1.10 11.22.33.44.55.66 ping 10.10.1.10 This fails to connect, but how does it fail? What messages are sent/received?

6. Bad IP, good MAC Let’s see what happens if we create an entry in the ARP table with the proper MAC for your webserver, but a bad IP address Window A: Use command-line tools to find the MAC for the webserver: ping –c 1 10.10.1.10 arp –n # copy the good MAC for the webserver sudo arp –s 10.10.1.96 Window B: sudo tcpdump -n –e –i eth0 not host 10.10.1.5 Window A: Use command-line tools to send to the webserver: ping 10.10.1.96 wget 10.10.1.96

7. Dualing IP addresses Let’s see what happens with two identical IP addresses on the network. Do the following: 1. Clone your webserver. Name the new machine colorweb-clone 2. Power on both webservers. 3. Record the MAC addresses of the webservers and one client 4. Clear your arp cache 5. In window A: sudo tcpdump –n –e –i eth0 not host 10.10.1.5 6. In window B: ping –c 1 10.10.1.10 7. Wait for 7 packets and stop tcpdump Explain your findings

8. Dualing MAC addresses (1) Let’s see what happens with two identical MAC addresses on the network. Do the following: 1. Make the following changes in colorweb-clone: sudo nano /etc/network/interfaces # Change the IP address to 10.10.1.11 Add this line above the ‘address’ to hard-wire the MAC; use your web server’s MAC: hwaddress 00:50:56:83:09:4e Save and exit sudo /etc/init.d/networking restart 2. Verify the MAC and IP for both webservers (same MAC, different IP) 3. Do the following in your personal workstaion: ping –c 1 10.10.1.10 ping –c 1 10.10.1.11 arp –n # Verify that both machines show up in the ARP table

9. Dualing MAC addresses (2) (con’t) In window A: sudo tcpdump –n –e –i eth0 not host 10.10.1.5 In window B: ping –c 1 10.10.1.10 # Wait a few seconds In window B: ping –c 1 10.10.1.11 Explain your findings

10. Dualing MAC and dualing IP addresses 1. Make the following changes in colorweb-clone: sudo nano /etc/network/interfaces # Change the IP address to 10.10.1.10 Leave the hard-wored MAC in place Save and exit sudo /etc/init.d/networking restart 2. Do the following in your personal workstaion: In window A: sudo tcpdump –n –e –i eth0 not host 10.10.1.5 In window B: ping –c 1 10.10.1.10 Explain your findings